Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2016-10378
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
E107 E107 2.1.1
605
VMScore
CVE-2014-9459
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote malicious users to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an ...
E107 E107 2.0
383
VMScore
CVE-2012-3843
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
E107 E107 1.0.1
445
VMScore
CVE-2011-3731
e107 0.7.24 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.
E107 E107 0.7.24
383
VMScore
CVE-2011-4920
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions prior to 1.0.0, allow remote malicious users to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, ...
E107 E107 0.7.26
383
VMScore
CVE-2018-16381
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
E107 E107 2.1.8
578
VMScore
CVE-2018-16388
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote malicious users to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
E107 E107 2.1.8
490
VMScore
CVE-2018-16389
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
E107 E107 2.1.8
NA
CVE-2023-43873
A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local malicious user to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.
E107 E107 Cms 2.3.2
NA
CVE-2023-43874
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local malicious user to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.
E107 E107 Cms 2.3.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »